GDPR, CCPA How to protect data via encryption and use a Proxy Server to allow eCommerce, website, back-end Apps and Iot (data in motion) to continue operating. Don’t let what happened to Facebook happen to you.
Facebook said on December 12, 2019 they were ready for the new California privacy law!
But just a few weeks later, on December 20, 2019, 267 million more Facebook Users were Breached. Confused???
77% of Facebook users surveyed have little or no confidence that their data will remain private on Facebook.
General Compliance Steps everyone must navigate to avoid what has occurred at other companies;
- Discover Personal data that is either at rest, in motion, or in temporary staging areas. There are a number of products that should be able to perform this task. However, keep in mind that the discovery process is really much more than locating personal information! Discovery must also build quality metadata from which the encryption process can be completed and from which Data Scientist can verify the discovery was complete and accurate to the Row and Column Level. If your Discovery software only ‘samples’ data from your files it won’t be able to support the complete encryption process as required. You are now at a dead end.
- Just as a ‘Proper’ Discovery Process supports encryption, a proper Encryption Process is necessary for the most important phase of Compliance, and that is making the encrypted data usable by your eCommerce Systems, Business Apps and Marketing Reports. If your Compliance software can’t use the encrypted data or your vendor or in-house development team doesn’t have a plan to offer, then you are again at a dead end.
- Now that you have technology that will Discoverer Personal Data, Encrypt that data while creating Master Encryption Keys at various levels, you will still need a product to interact between your applications and the encrypted data. What are your choices for software to accomplish this?
- You could modify all your applications and Websites to perform this function, but you would need to find every line of code where a data request was initiated or where a data update was attempted. Your staff will be busy for a very long time (years).
- For 3rd party software you would need to contact the vendor and ask them if they have a version of their product that can interact with encrypted data, or would be willing to make their products able to interact with encrypted data. Hopefully they are still in business and willing to work with you. OR
- You could use a Proxy Server! This software intercepts every request for data made to a database or data file system with encrypted data, by any Website, an Application, or by 3rd Party software in your environment and performs all the necessary encryption and decryption processes so that your applications can match, convert and present unencrypted data to customers or employees performing Customer Centric functions. In sounds like Magic, but DPIAComply has built what are perhaps the only functioning Proxy Servers on the market today. Compliance efforts are now dramatically reduced to weeks / months rather than years as the DPIAComply Proxy Servers are already built for all three components of the compliancy project.
– As new data or data modifications appear, our Proxy Server will update the metadata created
in Step 1 and properly update the encrypted data files so that both are never out of date.
– Our Metadata supports other Compliance tasks such as Right of Information and Right of
Use our Technology on your Premises, on Amazon’s AWS (AMI) or even a VM on a
departmental Desktop or Laptop (for small companies) to see for yourself this is real, that it
works as we claim that it scales to handle most any data volumes and that your eCommerce,
websites and most all back-end processes will run as usual.
Contact us 847-440-4439 www.dpiacomply.com